US12524752B2ActiveUtilityA1

Systems and methods for authenticating a user commerce account associated with a merchant of a commerce platform

82
Assignee: STRIPE INCPriority: Sep 26, 2016Filed: Dec 4, 2023Granted: Jan 13, 2026
Est. expirySep 26, 2036(~10.2 yrs left)· nominal 20-yr term from priority
G06Q 20/401H04W 12/04H04W 12/041H04L 63/061H04L 63/168H04W 12/06H04L 63/08H04L 63/18G06Q 20/3829G06Q 20/405G06Q 20/322
82
PatentIndex Score
0
Cited by
54
References
18
Claims

Abstract

A method and apparatus for authenticating a user commerce account associated with a merchant of a commerce platform are described. The method may include initiating authentication of the user commerce account associated with the merchant of the commerce platform from a commerce platform user interface of a user device, the user commerce account established for a user of the merchant. The method may also include sending an electronic message to a mobile device associated with the user account at the commerce platform, wherein the electronic message comprises an authentication code, and receiving the authentication code from the commerce platform user interface. Furthermore, the method may include generating an authentication key for the mobile device in response to matching the received authentication code with the sent authentication code and receiving a cookie provided from the commerce platform to the mobile device.

Claims

exact text as granted — not AI-modified
We claim: 
     
         1 . A method for authenticating a user account associated with a second server system, the user account providing one or more services of a first server system, the method comprising:
 initiating, by one or more processors of the second server system, authentication of the user account in response to receipt of an electronic message over a first communications channel from a first server system user interface of a user device, the user account established for a user of the second server system;   requesting, by the one or more processors, a first authentication data from an application programming interface (API) executing on the user device, the first authentication data stored at the user device prior to initiation of the authentication, wherein the first authentication data comprises a cookie indicative of a known prior device state of the user device;   receiving, by the one or more processors from the API, the first authentication data from the API executing on the user device;   sending, by the one or more processors over a second communications channel, a second electronic message to a mobile device associated with the user account at the first server system, wherein the second electronic message comprises a second authentication data;   receiving, by the one or more processors over the first communications channel, the second authentication data from the first server system user interface;   in response at least in part to a verification of the first authentication data and matching the received second authentication data with the sent second authentication data, verifying, by the one or more processors, the user as an authenticated user for the user account; and   in response at least in part to verifying the user, generating, by the one or more processors, an authentication key for authenticating the user account at the first server system.   
     
     
         2 . The method of  claim 1 , wherein the second authentication data comprises an authentication code. 
     
     
         3 . The method of  claim 1 , wherein the user is an existing user of the first server system and the first authentication data is generated and stored on the user device during a second authentication of a second user account associated with a third server system that uses the one or more services of the first server system prior to initiation of the authentication. 
     
     
         4 . The method of  claim 1 , further comprising:
 generating, by the one or more processors, the authentication key for the mobile device in response to:
 the verification of the first authentication data and the matching of the second authentication data with the sent second authentication data; and 
   providing, by the one or more processors, the authentication key to the user device for authentication of the user device on behalf of the user account when interacting with the first server system through a second server system application.   
     
     
         5 . The method of  claim 1 , wherein sending the electronic message to the mobile device comprises:
 causing, by the one or more processors, the first server system user interface to display a request to enter a mobile number purported to be for the mobile device;   receiving, by the one or more processors, the mobile number entered into the first server system user interface;   transmitting, by the one or more processors, a text message to the mobile number, wherein the second authentication data is embedded in a universal resource locator (URL) in a body of the text message;   detecting, by the one or more processors, a user selection of the URL at the first server system indicative of selection of the URL from the text message; and   authenticating, by the one or more processors, the mobile device in response to receiving the second authentication data from the user selection of the URL.   
     
     
         6 . The method of  claim 1 , wherein the first authentication data is received from the API via the first communications channel, and the second authentication data is sent via the second communications channel different from the first communications channel. 
     
     
         7 . The method of  claim 4 , further comprising:
 directing, by the one or more processors, the first server system user interface to display a user interface for collection of additional user data after providing the authentication key, the additional user data comprising user biographical information, user financial information, or a combination thereof;   receiving, by the one or more processors, the additional user data from the first server system user interface; and   associating, by the one or more processors, the additional user data with the user account at the first server system.   
     
     
         8 . A non-transitory computer readable storage medium including instructions that, when executed by one or more processors of a second server system, cause the one or more processors to perform operations for authenticating a user account associated with the second server system, the user account providing one or more services of a first server system, the operations comprising:
 initiating authentication of the user account in response to receipt of an electronic message over a first communications channel from a first server system user interface of a user device, the user account established for a user of the second server system;   requesting a first authentication data from an application programming interface (API) executing on the user device, the first authentication data stored at the user device prior to initiation of the authentication, wherein the first authentication data comprises a cookie indicative of a known prior device state of the user device;   receiving, from the API, the first authentication data from the API executing on the user device;   sending over a second communications channel a second electronic message to a mobile device associated with the user account at the first server system, wherein the second electronic message comprises a second authentication data;   receiving over the first communications channel the second authentication data from the first server system user interface;   in response at least in part to a verification of the first authentication data and matching the received second authentication data with the sent second authentication data, verifying the user as an authenticated user for the user account; and   in response at least in part to verifying the user, generating an authentication key for authenticating the user account at the first server system.   
     
     
         9 . The non-transitory computer readable storage medium of  claim 8 , wherein the second authentication data comprises an authentication code. 
     
     
         10 . The non-transitory computer readable storage medium of  claim 8 , wherein the user is an existing user of the first server system and the first authentication data is generated and stored on the user device during a second authentication of a second user account associated with a third server system that uses the one or more services of the first server system prior to initiation of the authentication. 
     
     
         11 . The non-transitory computer readable storage medium of  claim 8 , further comprising:
 generating the authentication key for the mobile device in response to:
 the verification of the first authentication data and the matching of the second authentication data with the sent second authentication data; and 
   providing the authentication key to the user device for authentication of the user device on behalf of the user account when interacting with the first server system through a second server system application.   
     
     
         12 . The non-transitory computer readable storage medium of  claim 8 , wherein sending the electronic message to the mobile device comprises:
 causing the first server system user interface to display a request to enter a mobile number purported to be for the mobile device;   receiving the mobile number entered into the first server system user interface;   transmitting a text message to the mobile number, wherein the second authentication data is embedded in a universal resource locator (URL) in a body of the text message;   detecting a user selection of the URL at the first server system indicative of selection of the URL from the text message; and   authenticating the mobile device in response to receiving the second authentication data from the user selection of the URL.   
     
     
         13 . The non-transitory computer readable storage medium of  claim 8 , wherein the first authentication data is received from the API via the first communications channel, and the second authentication data is sent via the second communications channel different from the first communications channel. 
     
     
         14 . The non-transitory computer readable storage medium of  claim 11 , further comprising:
 directing the first server system user interface to display a user interface for collection of additional user data after providing the authentication key, the additional user data comprising user biographical information, user financial information, or a combination thereof;   receiving the additional user data from the first server system user interface; and   associating the additional user data with the user account at the first server system.   
     
     
         15 . A first server system that authenticates a user account associated with a second server system, the user account providing one or more services of the first server system, the first server system comprising:
 a memory that stores user account information; and   one or more processors coupled with the memory configured to:
 initiate authentication of the user account in response to receipt of an electronic message over a first communications channel from a first server system user interface of a user device, the user account established for a user of the second server system, 
 request a first authentication data from an application programming interface (API) executing on the user device, the first authentication data stored at the user device prior to initiation of the authentication, wherein the first authentication data comprises a cookie indicative of a known prior device state of the user device, 
 receive, from the API, the first authentication data from the API executing on the user device, 
 send over a second communications channel a second electronic message to a mobile device associated with the user account at the first server system, wherein the second electronic message comprises a second authentication data, 
 receive over the first communications channel the second authentication data from the first server system user interface, 
 in response at least in part to a verification of the first authentication data and matching the received second authentication data with the sent second authentication data, verify the user as an authenticated user for the user account; and 
 in response at least in part to verifying the user, generate an authentication key for authenticating the user account at the first server system. 
   
     
     
         16 . The first server system of  claim 15 , wherein the one or more processors are further configured to:
 generate the authentication key for the mobile device in response to:
 the verification of the first authentication data and the matching of the second authentication data with the sent second authentication data; and 
   provide the authentication key to the user device for authentication of the user device on behalf of the user account when interacting with the first server system through a second server system application.   
     
     
         17 . The first server system of  claim 15 , wherein the one or more processors are further configured to:
 cause the first server system user interface to display a request to enter a mobile number purported to be for the mobile device;   receive the mobile number entered into the first server system user interface;   transmit a text message to the mobile number, wherein the second authentication data is embedded in a universal resource locator (URL) in a body of the text message;   detect a user selection of the URL at the first server system indicative of selection of the URL from the text message; and   authenticate the mobile device in response to receiving the second authentication data from the user selection of the URL.   
     
     
         18 . The first server system of  claim 16 , wherein the one or more processors are further configured to:
 direct the first server system user interface to display a user interface for collection of additional user data after providing the authentication key, the additional user data comprising user biographical information, user financial information, or a combination thereof;   receive the additional user data from the first server system user interface; and   associate the additional user data with the user account at the first server system.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.